Mobile application fraud: all you need to know about the risks

The growth of eCommerce and the accessibility of mobile devices have increased the threat of mobile application fraud. Know the risks and how to prevent them.

Filip Swatek

Product Manager

18 March 2022


Often deemed more secure than their desktop counterparts, eCommerce and digital banking experiences on mobile devices have come under increasing scrutiny as the threat of mobile application fraud has increased. The popularity of mobile eCommerce (M-Commerce) has continued to grow as more users access digital goods and services through smartphones and other mobile devices. Fraudsters never remain idle. Far from it: they have developed sophisticated tools that can lead to fraud attacks against mobile users that are just as successful as those on other platforms.

What are the effects of mobile application fraud?

It might sound like scaremongering, but mobile application fraud can result in huge financial losses to businesses and financial institutions through outright theft, as well as major damage to a company's reputation for not having adequate security measures in place to prevent attacks. Customer trust can be lost, leading to lost custom and negative online reviews. If the fraud attempts are big enough in scale, they could even gain major media coverage that can completely tarnish a company's reputation and security credentials. Regaining lost trust can take years. As for individuals, fraud can lead to crippling financial losses, or worse, identity theft. These very real outcomes should send a shudder down your spine, which is why you need to know as much as possible about the threat of fraud on mobile devices and, most importantly, how to prevent it.

First and foremost, the very incorrect assumption, held by many, that mobile devices are more secure than desktops can lead to a false sense of security. This can result in the average person believing that they are free from the threat of fraud and can succumb more easily to certain types of mobile application fraud. Of course, all systems and hardware, no matter how secure they claim to be, can be hacked or bypassed. At Nethone, we continually monitor threats, including the tools and techniques used by fraudsters to succeed in their activities, and we’ve definitely seen an increase in fraud attacks focused on mobile devices. To discredit the threat is to leave yourself open to fraud attempts - which only serves to delight fraudsters as their attempts gain a higher chance of success.

The main types of mobile application fraud

There is a misconception that fraud on mobile applications occurs only at the point of payment. This could not be further from the truth: in reality, the entire customer journey can be affected, from start to finish. It is not enough to simply rely on payment authentication measures and tokenization (encryption) of mobile payments at the point of purchase. Merchants and payment service providers must truly understand the users behind every interaction that takes place. In a practical sense, this means having an insight into the network and device setup of each user, and determining whether someone using an account to purchase goods and services is the original account holder. Piecing together all this information gives a strong indication of whether a user is a genuine customer, a dishonest customer taking advantage of return policies or promo abuse, or someone with fraudulent intentions.

So what types of fraud should you be aware of? In short: the same types of fraud that are associated with desktop platforms, albeit adapted for the specifics of mobile devices. The list of techniques is growing, which is why we continually monitor the dark web in order to match them, stopping fraudsters in their tracks. Although the full list really is extensive, some of the most common types of successful mobile application fraud attempts rely on social engineering, that is, persuading people to do something that is not necessarily in their best interest. With the rise of digital banking and eCommerce being aided by the growing use of mobile devices and apps to shop online, make payments and perform banking transactions, there are inevitably many people who are not fully aware of the potential risk involved in the online environment. Some of the most successful account takeovers (ATO) and identity thefts are accomplished through phishing (email) and SMiShing (SMS messages) purporting to be from a customer's bank, for example. These messages encourage the customer to click on a link and visit a fake page that looks like a legitimate banking page, or to download and install malware or remote access tools (such as the popular TeamViewer app), which can then be used to steal account and payment details and other sensitive information.

The professionalization of fraud has made it easier than ever to buy malware specifically aimed at mobile devices from dark web marketplaces. Its level of sophistication is as impressive as it is worrying. Fraudsters can use tools such as emulators that behave like another system entirely, or root/jailbreak hiding software that removes Apple and Google software restrictions in order to allow the installation of third-party software such as spyware. The list of threats is continually growing.

Stop mobile application fraud with advanced machine learning models

Another misconception held by eCommerce merchants is that truly advanced fraud detection is generally expensive, and even more so if extending the solution to mobile application fraud. The truth is, the mobile anti-fraud element is usually standard in a fraud management setup and isn’t overly expensive or time-consuming to implement. For example, Nethone’s solution to mobile application fraud comes in the form of a lightweight SDK (the lightest on the market) for both iOS and Android.

Advanced fraud detection for mobile can have a hugely positive impact on a company. First and foremost, the vast capabilities of artificial intelligence and machine learning models ensure the effectiveness of fraud detection and prevention. What's more, it's all done automatically, in real time and passively, running unnoticed in the background in order to provide a frictionless customer experience. The benefits to businesses are practical: cutting the operational costs of time-consuming manual reviews, and significantly reducing chargeback rates and false positives. Your company's reputation grows, with your customers trusting your service with their personal details and payments.

To neglect mobile application fraud makes little business sense, as so much risk is involved in ignoring the threat, as opposed to the numerous benefits of using an advanced fraud detection solution. Businesses and merchants must weigh up the costs of forgoing adequate measures to prevent mobile application fraud, but the choice is fairly simple: the costs are certainly a heavy burden, but that burden can be lifted, all with the help of an advanced and lightweight SDK.


If you wish to protect your business from the risks associated with mobile application fraud, we're here to help with the perfect solution.
